diff --git a/README.md b/README.md index 2dd36bb..7a831c8 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ PeTeReport (**Pe**n**Te**st **Report**) is written in Django and Python 3 with t - [x] PDF Output format - [x] Jupyter Notebook Output format - [x] Markdown Output format -- [x] CVSS 3.1 Score +- [x] CVSS 4 Score - [x] Docker installation - [x] DefectDojo integration - [x] User management @@ -52,10 +52,7 @@ PeTeReport (**Pe**n**Te**st **Report**) is written in Django and Python 3 with t ## Demo -[Demo](http://1modm.pythonanywhere.com/) **admin/P3t3r3p0rt** - - - +[Demo](https://petereport.mpsec.eu/) **admin/P3t3r3p0rt** ## Sample Reports diff --git a/app/preport/templates/appendix/appendix_view.html b/app/preport/templates/appendix/appendix_view.html index bc07419..379f45d 100644 --- a/app/preport/templates/appendix/appendix_view.html +++ b/app/preport/templates/appendix/appendix_view.html @@ -26,7 +26,6 @@
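Review bot: the demo hunk publishes working administrator credentials (admin/P3t3r3p0rt) for a live instance at https://petereport.mpsec.eu/, so anyone reading the README gets full admin on that deployment; that is only acceptable for a throwaway demo, so the line should say the instance is public and periodically reset, and the demo must run with the documented defaults 'debug': False and 'admin_module': False. In the feature-list hunk, "CVSS 4 Score" should use the standard's name, "CVSS 4.0 Score", and since the list previously read "CVSS 3.1" the README should say whether 3.1 vectors are still accepted or only 4.0 is supported now.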
Report information and media host configuration:
PETEREPORT_MARKDOWN = {
'author': 'Pentest company',
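Review bot: the appendix_view.html hunk header @@ -26,7 +26,6 @@ records a one-line deletion, but none of the lines shown is marked with -, so the removed line cannot be reviewed from this rendering; include the deleted line (or regenerate the patch) so the change to the template can be checked.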
diff --git a/docs/default_creds/index.html b/docs/default_creds/index.html
index 404e4d4..f02a6b2 100644
--- a/docs/default_creds/index.html
+++ b/docs/default_creds/index.html
@@ -286,20 +286,6 @@
-
-
-
-
-
-
-
- Django
-
-
-
-
-
-
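Review bot: this hunk removes the "Django" entry from the sidebar navigation (the identical 14-line deletion is repeated in docs/findings, docs/index, docs/products and docs/reports), but the patch does not delete docs/django/ itself and the search index being replaced still carries the django/ sections; the regenerated search_index.json is cut off before that section here, so confirm the django/ entries are gone too, otherwise a search hit will land on a page that is no longer reachable from the navigation.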
@@ -558,7 +544,7 @@ Default Credentials
@@ -603,6 +589,7 @@
Docker
Environment
+Follow oficial installation guidelines: Docker Engine overview. Example in Ubuntu:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Deployment
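Review bot: the added line has a typo, "oficial" should be "official", and the apt-get example only works after Docker's own package repository has been added (docker-ce, docker-buildx-plugin and docker-compose-plugin are not in Ubuntu's default repositories), so the sentence should state that the repository setup from the linked Docker Engine guide is a prerequisite; as written a reader on a fresh Ubuntu gets "Unable to locate package docker-ce".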
@@ -666,13 +653,13 @@ Deployment
-
+
Next
- Django
+ Default Credentials
diff --git a/docs/findings/index.html b/docs/findings/index.html
index 4b7105e..1812270 100644
--- a/docs/findings/index.html
+++ b/docs/findings/index.html
@@ -291,20 +291,6 @@
-
-
-
-
-
-
-
- Django
-
-
-
-
-
-
diff --git a/docs/index.html b/docs/index.html
index 05ed8cf..6d25421 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -348,20 +348,6 @@
-
-
-
-
-
-
-
- Django
-
-
-
-
-
-
@@ -629,7 +615,6 @@
Architecture
-
Features
- Customizable reports output
@@ -642,7 +627,7 @@ Features
- PDF Output format
- Jupyter Notebook Output format
- Markdown Output format
-- CVSS 3.1 Score
+- CVSS 4 Score
- Docker installation
- DefectDojo integration
- User management
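Review bot: the feature label changes to "CVSS 4 Score" here and in the README, but the docs/findings hunk in this patch only touches the navigation, so the findings page's CSV import example still shows a 3.0 vector ("3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)") as reproduced in the search index; update that example and the "CVSS Score" field description to a 4.0 vector, or document that both formats are accepted on import.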
diff --git a/docs/products/index.html b/docs/products/index.html
index d055cf8..b820537 100644
--- a/docs/products/index.html
+++ b/docs/products/index.html
@@ -291,20 +291,6 @@
-
-
-
-
-
- -
-
- Django
-
-
-
-
-
-
diff --git a/docs/reports/index.html b/docs/reports/index.html
index 17eaa71..76b8333 100644
--- a/docs/reports/index.html
+++ b/docs/reports/index.html
@@ -291,20 +291,6 @@
-
-
-
-
-
-
-
- Django
-
-
-
-
-
-
diff --git a/docs/search/search_index.json b/docs/search/search_index.json
index 76c35e7..2550e08 100644
--- a/docs/search/search_index.json
+++ b/docs/search/search_index.json
@@ -1 +1 @@
-{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"PeTeReport PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters and security researchers to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown). Pentesting content management and reporting tool Architecture Features Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add Attack Flow to findings. This project is created and maintained by the MITRE Engenuity Center for Threat-Informed Defense HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 3.1 Score Docker installation DefectDojo integration User management Sample Reports PDF Sample HTML Sample MD Sample CSV Sample Jupyter Sample","title":"PeTeReport"},{"location":"#petereport","text":"PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. 
PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters and security researchers to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown).","title":"PeTeReport"},{"location":"#architecture","text":"","title":"Architecture"},{"location":"#features","text":"Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add Attack Flow to findings. This project is created and maintained by the MITRE Engenuity Center for Threat-Informed Defense HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 3.1 Score Docker installation DefectDojo integration User management","title":"Features"},{"location":"#sample-reports","text":"PDF Sample HTML Sample MD Sample CSV Sample Jupyter Sample","title":"Sample Reports"},{"location":"appendix/","text":"Appendix The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description List of Appendix Add Appendix","title":"Appendix"},{"location":"appendix/#appendix","text":"The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description","title":"Appendix"},{"location":"appendix/#list-of-appendix","text":"","title":"List of Appendix"},{"location":"appendix/#add-appendix","text":"","title":"Add Appendix"},{"location":"attackflow/","text":"Attack Flows Attack flow is a data model with supporting tooling and examples for describing sequences of adversary behaviors. Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack. 
Flows can be analyzed to identify common patterns in adversary behavior, overlayed on ATT&CK Navigator layers to understand defensive coverage, and create a foundation for intel-driven adversary emulation plans. The Security decision flow module facilitate the management of attack path that can be linked to a finding. The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees: ATT&CK Other attack path/trees planner that I recommend you to take a look: Deciduous Walter: Attack Path Planner List of Attack Flows Add Attack Flow","title":"Attack flow"},{"location":"attackflow/#attack-flows","text":"Attack flow is a data model with supporting tooling and examples for describing sequences of adversary behaviors. Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack. Flows can be analyzed to identify common patterns in adversary behavior, overlayed on ATT&CK Navigator layers to understand defensive coverage, and create a foundation for intel-driven adversary emulation plans. The Security decision flow module facilitate the management of attack path that can be linked to a finding. 
The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees: ATT&CK Other attack path/trees planner that I recommend you to take a look: Deciduous Walter: Attack Path Planner","title":"Attack Flows"},{"location":"attackflow/#list-of-attack-flows","text":"","title":"List of Attack Flows"},{"location":"attackflow/#add-attack-flow","text":"","title":"Add Attack Flow"},{"location":"configuration/","text":"Configuration It can be possible to customize reports and the application configuration in app/config/petereport_config.py Application default credentials PETEREPORT_CONFIG = { 'admin_username': 'admin', 'admin_password': 'P3t3r3p0rt', 'admin_email': 'admin@petereport.pentest', 'viewer_username': 'viewer', 'viewer_password': 'v13w3r', 'viewer_email': 'viewer@petereport.pentest' } Defect Dojo connector credentials DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format: Token } Django configuration DJANGO_CONFIG = { 'secret_key': 'django-insecure-key-CHANGEMEPLEASE-pKj9bd9h7*RMCuU', 'debug': False, 'admin_module': False, 'allowed_hosts': '[\\'*\\']', 'server_host': 'http://127.0.0.1:8000', 'upload_memory_size': 10485760 # 10MB } Templates configuration PETEREPORT_TEMPLATES = { 'templates_root': 'preport/templates/tpl', 'storage_reports': 'storage_reports', 'html_template': 'bootstrap-4-pandoc-template/template.html', 'pdf_latex_template': 'petereport.latex', 'report_id_format': 'PEN-DOC-', 'report_csv_name': 'PEN-CSV', 'report_markdown_name': 'PEN-MD', 'report_html_name': 'PEN-HTML', 'report_pdf_name': 'PEN-PDF', 'report_pdf_language': \"en\", 'report_pdf_title_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_pdf_pages_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_jupyter_name': 'PEN-JUPYTER', 'initial_text': 'TBC', 
'titlepage-color': \"e6e2e2\", 'titlepage-text-color': \"000000\", 'titlepage-rule-color': \"cc0000\", 'titlepage-rule-height': 2 } Markdown configuration Report information and media host configuration: BASE64 : Stores images in Database MEDIA : Stores the images in the server (it is recommended to restrict the access to the server and encrypt the data to mitigate the leak or disclosure of the evidences). The path is not protected, must be set 'debug': True. This is highly insecure and not encouraged for production use. Should be configured the web server (apache, nginx, etc) to serve the media content using a protected link. PETEREPORT_MARKDOWN = { 'author': 'Pentest company', 'subject': 'Pentest Report', 'website': 'https://github.com/1modm/petereport', 'martor_upload_method': 'BASE64' # BASE64 (stored in DB) or MEDIA (path not protected) 'media_host': 'http://127.0.0.1:8000' }","title":"Configuration"},{"location":"configuration/#configuration","text":"It can be possible to customize reports and the application configuration in app/config/petereport_config.py","title":"Configuration"},{"location":"configuration/#application-default-credentials","text":"PETEREPORT_CONFIG = { 'admin_username': 'admin', 'admin_password': 'P3t3r3p0rt', 'admin_email': 'admin@petereport.pentest', 'viewer_username': 'viewer', 'viewer_password': 'v13w3r', 'viewer_email': 'viewer@petereport.pentest' }","title":"Application default credentials"},{"location":"configuration/#defect-dojo-connector-credentials","text":"DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format: Token }","title":"Defect Dojo connector credentials"},{"location":"configuration/#django-configuration","text":"DJANGO_CONFIG = { 'secret_key': 'django-insecure-key-CHANGEMEPLEASE-pKj9bd9h7*RMCuU', 'debug': False, 'admin_module': False, 'allowed_hosts': '[\\'*\\']', 'server_host': 'http://127.0.0.1:8000', 'upload_memory_size': 10485760 # 10MB }","title":"Django 
configuration"},{"location":"configuration/#templates-configuration","text":"PETEREPORT_TEMPLATES = { 'templates_root': 'preport/templates/tpl', 'storage_reports': 'storage_reports', 'html_template': 'bootstrap-4-pandoc-template/template.html', 'pdf_latex_template': 'petereport.latex', 'report_id_format': 'PEN-DOC-', 'report_csv_name': 'PEN-CSV', 'report_markdown_name': 'PEN-MD', 'report_html_name': 'PEN-HTML', 'report_pdf_name': 'PEN-PDF', 'report_pdf_language': \"en\", 'report_pdf_title_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_pdf_pages_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_jupyter_name': 'PEN-JUPYTER', 'initial_text': 'TBC', 'titlepage-color': \"e6e2e2\", 'titlepage-text-color': \"000000\", 'titlepage-rule-color': \"cc0000\", 'titlepage-rule-height': 2 }","title":"Templates configuration"},{"location":"configuration/#markdown-configuration","text":"Report information and media host configuration: BASE64 : Stores images in Database MEDIA : Stores the images in the server (it is recommended to restrict the access to the server and encrypt the data to mitigate the leak or disclosure of the evidences). The path is not protected, must be set 'debug': True. This is highly insecure and not encouraged for production use. Should be configured the web server (apache, nginx, etc) to serve the media content using a protected link. PETEREPORT_MARKDOWN = { 'author': 'Pentest company', 'subject': 'Pentest Report', 'website': 'https://github.com/1modm/petereport', 'martor_upload_method': 'BASE64' # BASE64 (stored in DB) or MEDIA (path not protected) 'media_host': 'http://127.0.0.1:8000' }","title":"Markdown configuration"},{"location":"default_creds/","text":"Administrator: admin/P3t3r3p0rt Viewer: viewer/v13w3r","title":"Default Credentials"},{"location":"django/","text":"Django installation Prerequisites PeTeReport requires Python \u2265 3.8. 
Recommended installation requires pip . As a base requirement, the following packages are needed: Ubuntu/Debian: sudo apt-get install python3-pip python3-venv build-essential OpenSuse: sudo zypper install python3-devel gcc CentOS: sudo yum install python3-devel gcc Environment It is strongly recommended to set up the installation in a virtual environment (Pipenv) : Pipenv Linux: sudo apt-get install pipenv pip: python3 -m pip install pipenv MAC: brew install pipenv Dependencies Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh Latex Linux: sudo apt-get install texlive-full Mac: brew remove basictex brew cask install mactex Pandoc Linux: sudo apt-get install pandoc sudo apt-get install python3-pypandoc Mac: brew install pandoc brew install pandoc-citeproc Eisvogel python3 -m pip install pandoc-latex-environment Download the latest version of the Eisvogel template from the release page. Extract the downloaded ZIP archive and open the folder. Move the template eisvogel.tex to your pandoc templates folder and rename the file to eisvogel.latex. 
The location of the templates folder depends on your operating system: /Users/$USER/.pandoc/templates/eisvogel.latex or /home/$USER/.pandoc/templates PeTeReport Clone the project and cd into PeTeReport: cd petereport/ Create a new virtual environment and installing dependencies: pipenv install Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Create the database: python manage.py migrate Make the latest database changes: python manage.py makemigrations Super user admin/P3t3r3p0rt will be created, but you can create a new super user: python manage.py createsuperuser Populate the CWE data python manage.py loaddata config/cwe-list.json Populate the OWASP data python manage.py loaddata config/owasp-list.json Start the server Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure Go to http://127.0.0.1:8000/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report Close up and stop the server: Ctrl + C Upgrade PeTeReport Stop the server if it's running: Ctrl + C Pull the latest code base via git: git pull or download the source and replace the files. 
Setup any additional dependencies: pipenv install Run the virtual environment: pipenv shell Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again Clean PeTeReport Stop the server if it's running: Ctrl + C Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Run cleaner: python clean.py Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again Configuration Stop the server if it's running: Ctrl + C Customize reports and configuration in app/config/petereport_config.py Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure","title":"Django"},{"location":"django/#django-installation","text":"","title":"Django installation"},{"location":"django/#prerequisites","text":"PeTeReport requires Python \u2265 3.8. Recommended installation requires pip . 
As a base requirement, the following packages are needed: Ubuntu/Debian: sudo apt-get install python3-pip python3-venv build-essential OpenSuse: sudo zypper install python3-devel gcc CentOS: sudo yum install python3-devel gcc","title":"Prerequisites"},{"location":"django/#environment","text":"It is strongly recommended to set up the installation in a virtual environment (Pipenv) :","title":"Environment"},{"location":"django/#pipenv","text":"Linux: sudo apt-get install pipenv pip: python3 -m pip install pipenv MAC: brew install pipenv","title":"Pipenv"},{"location":"django/#dependencies","text":"Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh","title":"Dependencies"},{"location":"django/#latex","text":"Linux: sudo apt-get install texlive-full Mac: brew remove basictex brew cask install mactex","title":"Latex"},{"location":"django/#pandoc","text":"Linux: sudo apt-get install pandoc sudo apt-get install python3-pypandoc Mac: brew install pandoc brew install pandoc-citeproc","title":"Pandoc"},{"location":"django/#eisvogel","text":"python3 -m pip install pandoc-latex-environment Download the latest version of the Eisvogel template from the release page. Extract the downloaded ZIP archive and open the folder. Move the template eisvogel.tex to your pandoc templates folder and rename the file to eisvogel.latex. 
The location of the templates folder depends on your operating system: /Users/$USER/.pandoc/templates/eisvogel.latex or /home/$USER/.pandoc/templates","title":"Eisvogel"},{"location":"django/#petereport","text":"Clone the project and cd into PeTeReport: cd petereport/ Create a new virtual environment and installing dependencies: pipenv install Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Create the database: python manage.py migrate Make the latest database changes: python manage.py makemigrations Super user admin/P3t3r3p0rt will be created, but you can create a new super user: python manage.py createsuperuser Populate the CWE data python manage.py loaddata config/cwe-list.json Populate the OWASP data python manage.py loaddata config/owasp-list.json","title":"PeTeReport"},{"location":"django/#start-the-server","text":"Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure Go to http://127.0.0.1:8000/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report Close up and stop the server: Ctrl + C","title":"Start the server"},{"location":"django/#upgrade-petereport","text":"Stop the server if it's running: Ctrl + C Pull the latest code base via git: git pull or download the source and replace the files. 
Setup any additional dependencies: pipenv install Run the virtual environment: pipenv shell Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again","title":"Upgrade PeTeReport"},{"location":"django/#clean-petereport","text":"Stop the server if it's running: Ctrl + C Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Run cleaner: python clean.py Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again","title":"Clean PeTeReport"},{"location":"django/#configuration","text":"Stop the server if it's running: Ctrl + C Customize reports and configuration in app/config/petereport_config.py Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure","title":"Configuration"},{"location":"docker/","text":"Docker Environment sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin Deployment Clone repository cd /opt git clone https://github.com/1modm/petereport cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment docker compose build --build-arg TARGETARCH=amd64 docker compose up Go to https://127.0.0.1/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Docker"},{"location":"docker/#docker","text":"","title":"Docker"},{"location":"docker/#environment","text":"sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin","title":"Environment"},{"location":"docker/#deployment","text":"Clone repository cd /opt git clone 
https://github.com/1modm/petereport cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment docker compose build --build-arg TARGETARCH=amd64 docker compose up Go to https://127.0.0.1/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Deployment"},{"location":"findings/","text":"Findings The finding module facilitate the management of findings in the reports. A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path List of findings Create new findings Add Finding from Templates Can be added findings to a report from the template list previously created. Add custom fields Can be added custom fields to the findings: Import Findings from DefectDojo We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. 
Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key } Import Findings from CSV Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" CWE List When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"Findings"},{"location":"findings/#findings","text":"The finding module facilitate the management of findings in the reports. A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path","title":"Findings"},{"location":"findings/#list-of-findings","text":"","title":"List of findings"},{"location":"findings/#create-new-findings","text":"","title":"Create new findings"},{"location":"findings/#add-finding-from-templates","text":"Can be added findings to a report from the template list previously created.","title":"Add Finding from Templates"},{"location":"findings/#add-custom-fields","text":"Can be added custom fields to the findings:","title":"Add custom fields"},{"location":"findings/#import-findings-from-defectdojo","text":"We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. 
Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key }","title":"Import Findings from DefectDojo"},{"location":"findings/#import-findings-from-csv","text":"Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\"","title":"Import Findings from CSV"},{"location":"findings/#cwe-list","text":"When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"CWE List"},{"location":"products/","text":"Products The products module facilitate the management of products. A product have the next fields by: Product Name Product Description List of products Create new products","title":"Products"},{"location":"products/#products","text":"The products module facilitate the management of products. A product have the next fields by: Product Name Product Description","title":"Products"},{"location":"products/#list-of-products","text":"","title":"List of products"},{"location":"products/#create-new-products","text":"","title":"Create new products"},{"location":"reports/","text":"Reports The report module facilitate the management of products. 
A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date List of Reports Create new reports Report Details Template Customization It can be edited the templates used for each export format, just go to the folder /app/preport/templates/tpl and modify the markdown, latex or html as needed.","title":"Reports"},{"location":"reports/#reports","text":"The report module facilitate the management of products. A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date","title":"Reports"},{"location":"reports/#list-of-reports","text":"","title":"List of Reports"},{"location":"reports/#create-new-reports","text":"","title":"Create new reports"},{"location":"reports/#report-details","text":"","title":"Report Details"},{"location":"reports/#template-customization","text":"It can be edited the templates used for each export format, just go to the folder /app/preport/templates/tpl and modify the markdown, latex or html as needed.","title":"Template Customization"},{"location":"users/","text":"User management The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view List of users and roles Create new users","title":"User management"},{"location":"users/#user-management","text":"The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. 
Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view","title":"User management"},{"location":"users/#list-of-users-and-roles","text":"","title":"List of users and roles"},{"location":"users/#create-new-users","text":"","title":"Create new users"}]}
\ No newline at end of file
+{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"PeTeReport PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters and security researchers to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown). Pentesting content management and reporting tool Architecture Features Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add Attack Flow to findings. This project is created and maintained by the MITRE Engenuity Center for Threat-Informed Defense HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 4 Score Docker installation DefectDojo integration User management Sample Reports PDF Sample HTML Sample MD Sample CSV Sample Jupyter Sample","title":"PeTeReport"},{"location":"#petereport","text":"PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. 
PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters and security researchers to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown).","title":"PeTeReport"},{"location":"#architecture","text":"","title":"Architecture"},{"location":"#features","text":"Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add Attack Flow to findings. This project is created and maintained by the MITRE Engenuity Center for Threat-Informed Defense HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 4 Score Docker installation DefectDojo integration User management","title":"Features"},{"location":"#sample-reports","text":"PDF Sample HTML Sample MD Sample CSV Sample Jupyter Sample","title":"Sample Reports"},{"location":"appendix/","text":"Appendix The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description List of Appendix Add Appendix","title":"Appendix"},{"location":"appendix/#appendix","text":"The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description","title":"Appendix"},{"location":"appendix/#list-of-appendix","text":"","title":"List of Appendix"},{"location":"appendix/#add-appendix","text":"","title":"Add Appendix"},{"location":"attackflow/","text":"Attack Flows Attack flow is a data model with supporting tooling and examples for describing sequences of adversary behaviors. Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack. 
Flows can be analyzed to identify common patterns in adversary behavior, overlayed on ATT&CK Navigator layers to understand defensive coverage, and create a foundation for intel-driven adversary emulation plans. The Security decision flow module facilitate the management of attack path that can be linked to a finding. The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees: ATT&CK Other attack path/trees planner that I recommend you to take a look: Deciduous Walter: Attack Path Planner List of Attack Flows Add Attack Flow","title":"Attack flow"},{"location":"attackflow/#attack-flows","text":"Attack flow is a data model with supporting tooling and examples for describing sequences of adversary behaviors. Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack. Flows can be analyzed to identify common patterns in adversary behavior, overlayed on ATT&CK Navigator layers to understand defensive coverage, and create a foundation for intel-driven adversary emulation plans. The Security decision flow module facilitate the management of attack path that can be linked to a finding. 
The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees: ATT&CK Other attack path/trees planner that I recommend you to take a look: Deciduous Walter: Attack Path Planner","title":"Attack Flows"},{"location":"attackflow/#list-of-attack-flows","text":"","title":"List of Attack Flows"},{"location":"attackflow/#add-attack-flow","text":"","title":"Add Attack Flow"},{"location":"configuration/","text":"Configuration It can be possible to customize reports and the application configuration in app/config/petereport_config.py Application default credentials PETEREPORT_CONFIG = { 'admin_username': 'admin', 'admin_password': 'P3t3r3p0rt', 'admin_email': 'admin@petereport.pentest', 'viewer_username': 'viewer', 'viewer_password': 'v13w3r', 'viewer_email': 'viewer@petereport.pentest' } Defect Dojo connector credentials DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format: Token } Django configuration DJANGO_CONFIG = { 'secret_key': 'django-insecure-key-CHANGEMEPLEASE-pKj9bd9h7*RMCuU', 'debug': False, 'admin_module': False, 'allowed_hosts': '[\\'*\\']', 'server_host': 'http://127.0.0.1:8000', 'upload_memory_size': 10485760 # 10MB } Templates configuration PETEREPORT_TEMPLATES = { 'templates_root': 'preport/templates/tpl', 'storage_reports': 'storage_reports', 'html_template': 'bootstrap-4-pandoc-template/template.html', 'pdf_latex_template': 'petereport.latex', 'report_id_format': 'PEN-DOC-', 'report_csv_name': 'PEN-CSV', 'report_markdown_name': 'PEN-MD', 'report_html_name': 'PEN-HTML', 'report_pdf_name': 'PEN-PDF', 'report_pdf_language': \"en\", 'report_pdf_title_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_pdf_pages_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_jupyter_name': 'PEN-JUPYTER', 'initial_text': 'TBC', 
'titlepage-color': \"e6e2e2\", 'titlepage-text-color': \"000000\", 'titlepage-rule-color': \"cc0000\", 'titlepage-rule-height': 2 } Markdown configuration Report information and media host configuration: BASE64 : Stores images in Database MEDIA : Stores the images in the server (it is recommended to restrict the access to the server and encrypt the data to mitigate the leak or disclosure of the evidences). The path is not protected. This is highly insecure and not encouraged for production use. Should be configured the web server (apache, nginx, etc) to serve the media content using a protected link. PETEREPORT_MARKDOWN = { 'author': 'Pentest company', 'subject': 'Pentest Report', 'website': 'https://github.com/1modm/petereport', 'martor_upload_method': 'BASE64' # BASE64 (stored in DB) or MEDIA (path not protected) 'media_host': 'http://127.0.0.1:8000' }","title":"Configuration"},{"location":"configuration/#configuration","text":"It can be possible to customize reports and the application configuration in app/config/petereport_config.py","title":"Configuration"},{"location":"configuration/#application-default-credentials","text":"PETEREPORT_CONFIG = { 'admin_username': 'admin', 'admin_password': 'P3t3r3p0rt', 'admin_email': 'admin@petereport.pentest', 'viewer_username': 'viewer', 'viewer_password': 'v13w3r', 'viewer_email': 'viewer@petereport.pentest' }","title":"Application default credentials"},{"location":"configuration/#defect-dojo-connector-credentials","text":"DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format: Token }","title":"Defect Dojo connector credentials"},{"location":"configuration/#django-configuration","text":"DJANGO_CONFIG = { 'secret_key': 'django-insecure-key-CHANGEMEPLEASE-pKj9bd9h7*RMCuU', 'debug': False, 'admin_module': False, 'allowed_hosts': '[\\'*\\']', 'server_host': 'http://127.0.0.1:8000', 'upload_memory_size': 10485760 # 10MB }","title":"Django 
configuration"},{"location":"configuration/#templates-configuration","text":"PETEREPORT_TEMPLATES = { 'templates_root': 'preport/templates/tpl', 'storage_reports': 'storage_reports', 'html_template': 'bootstrap-4-pandoc-template/template.html', 'pdf_latex_template': 'petereport.latex', 'report_id_format': 'PEN-DOC-', 'report_csv_name': 'PEN-CSV', 'report_markdown_name': 'PEN-MD', 'report_html_name': 'PEN-HTML', 'report_pdf_name': 'PEN-PDF', 'report_pdf_language': \"en\", 'report_pdf_title_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_pdf_pages_background': \"title.png\", # title.png, blank.png - location: app/preport/templates/tpl/pdf/ 'report_jupyter_name': 'PEN-JUPYTER', 'initial_text': 'TBC', 'titlepage-color': \"e6e2e2\", 'titlepage-text-color': \"000000\", 'titlepage-rule-color': \"cc0000\", 'titlepage-rule-height': 2 }","title":"Templates configuration"},{"location":"configuration/#markdown-configuration","text":"Report information and media host configuration: BASE64 : Stores images in Database MEDIA : Stores the images in the server (it is recommended to restrict the access to the server and encrypt the data to mitigate the leak or disclosure of the evidences). The path is not protected. This is highly insecure and not encouraged for production use. Should be configured the web server (apache, nginx, etc) to serve the media content using a protected link. PETEREPORT_MARKDOWN = { 'author': 'Pentest company', 'subject': 'Pentest Report', 'website': 'https://github.com/1modm/petereport', 'martor_upload_method': 'BASE64' # BASE64 (stored in DB) or MEDIA (path not protected) 'media_host': 'http://127.0.0.1:8000' }","title":"Markdown configuration"},{"location":"default_creds/","text":"Administrator: admin/P3t3r3p0rt Viewer: viewer/v13w3r","title":"Default Credentials"},{"location":"docker/","text":"Docker Environment Follow oficial installation guidelines: Docker Engine overview . 
Example in Ubuntu: sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin Deployment Clone repository cd /opt git clone https://github.com/1modm/petereport cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment docker compose build --build-arg TARGETARCH=amd64 docker compose up Go to https://127.0.0.1/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Docker"},{"location":"docker/#docker","text":"","title":"Docker"},{"location":"docker/#environment","text":"Follow oficial installation guidelines: Docker Engine overview . Example in Ubuntu: sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin","title":"Environment"},{"location":"docker/#deployment","text":"Clone repository cd /opt git clone https://github.com/1modm/petereport cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment docker compose build --build-arg TARGETARCH=amd64 docker compose up Go to https://127.0.0.1/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Deployment"},{"location":"findings/","text":"Findings The finding module facilitate the management of findings in the reports. A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path List of findings Create new findings Add Finding from Templates Can be added findings to a report from the template list previously created. 
Add custom fields Can be added custom fields to the findings: Import Findings from DefectDojo We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key } Import Findings from CSV Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" CWE List When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"Findings"},{"location":"findings/#findings","text":"The finding module facilitate the management of findings in the reports. 
A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path","title":"Findings"},{"location":"findings/#list-of-findings","text":"","title":"List of findings"},{"location":"findings/#create-new-findings","text":"","title":"Create new findings"},{"location":"findings/#add-finding-from-templates","text":"Can be added findings to a report from the template list previously created.","title":"Add Finding from Templates"},{"location":"findings/#add-custom-fields","text":"Can be added custom fields to the findings:","title":"Add custom fields"},{"location":"findings/#import-findings-from-defectdojo","text":"We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key }","title":"Import Findings from DefectDojo"},{"location":"findings/#import-findings-from-csv","text":"Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\"","title":"Import Findings from CSV"},{"location":"findings/#cwe-list","text":"When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"CWE 
List"},{"location":"products/","text":"Products The products module facilitate the management of products. A product have the next fields by: Product Name Product Description List of products Create new products","title":"Products"},{"location":"products/#products","text":"The products module facilitate the management of products. A product have the next fields by: Product Name Product Description","title":"Products"},{"location":"products/#list-of-products","text":"","title":"List of products"},{"location":"products/#create-new-products","text":"","title":"Create new products"},{"location":"reports/","text":"Reports The report module facilitate the management of products. A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date List of Reports Create new reports Report Details Template Customization It can be edited the templates used for each export format, just go to the folder /app/preport/templates/tpl and modify the markdown, latex or html as needed.","title":"Reports"},{"location":"reports/#reports","text":"The report module facilitate the management of products. A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date","title":"Reports"},{"location":"reports/#list-of-reports","text":"","title":"List of Reports"},{"location":"reports/#create-new-reports","text":"","title":"Create new reports"},{"location":"reports/#report-details","text":"","title":"Report Details"},{"location":"reports/#template-customization","text":"It can be edited the templates used for each export format, just go to the folder /app/preport/templates/tpl and modify the markdown, latex or html as needed.","title":"Template Customization"},{"location":"users/","text":"User management The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. 
Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view List of users and roles Create new users","title":"User management"},{"location":"users/#user-management","text":"The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view","title":"User management"},{"location":"users/#list-of-users-and-roles","text":"","title":"List of users and roles"},{"location":"users/#create-new-users","text":"","title":"Create new users"}]}
\ No newline at end of file
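Review bot: the CSV import sample in the findings page of this index still carries a CVSS 3.0 vector (`"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)"`) while the features list in the same hunk now advertises "CVSS 4 Score"; either update the sample to a v4 vector or state in the import-from-CSV text which vector versions the importer accepts, so users know whether imported v3 vectors are still supported. Two smaller points in the same hunk: "Follow oficial installation guidelines" (twice, in the docker/ Environment text) should read "official", and since this file is build output of the docs, those fixes belong in the markdown sources with the index regenerated rather than edited by hand.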
diff --git a/docs/sitemap.xml b/docs/sitemap.xml
index 56bf983..2f9c993 100644
--- a/docs/sitemap.xml
+++ b/docs/sitemap.xml
@@ -2,57 +2,52 @@
https://1modm.github.io/petereport/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/appendix/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/attackflow/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/configuration/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/default_creds/
- 2023-08-22
- daily
-
-
- https://1modm.github.io/petereport/django/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/docker/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/findings/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/products/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/reports/
- 2023-08-22
+ 2023-12-19
daily
https://1modm.github.io/petereport/users/
- 2023-08-22
+ 2023-12-19
daily
\ No newline at end of file
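Review bot: the `django/` URL is dropped from the sitemap and the Django nav entries are removed from the rendered pages, but nothing in this patch deletes the generated `docs/django/` page itself; if it still exists in the site output it remains reachable as an orphan that the nav no longer points to, so confirm it was removed from the build output (or remove it here).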
diff --git a/docs/sitemap.xml.gz b/docs/sitemap.xml.gz
index 4ea2d7f..e2db0ac 100644
Binary files a/docs/sitemap.xml.gz and b/docs/sitemap.xml.gz differ
diff --git a/docs/users/index.html b/docs/users/index.html
index f6f680b..c83172d 100644
--- a/docs/users/index.html
+++ b/docs/users/index.html
@@ -291,20 +291,6 @@
-
-
-
-
-
-
-
- Django
-
-
-
-
-
-
diff --git a/images/dashboard.png b/images/dashboard.png
index 521e9ee..91a965e 100644
Binary files a/images/dashboard.png and b/images/dashboard.png differ
diff --git a/scripts/ubuntu_environment_install.sh b/scripts/ubuntu_environment_install.sh
deleted file mode 100644
index ddce1d6..0000000
--- a/scripts/ubuntu_environment_install.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-set -eu -o pipefail # fail on error , debug all lines
-
-sudo -n true
-test $? -eq 0 || exit 1 "sudo privileges?"
-
-## Update packages and Upgrade system
-sudo apt-get update
-sudo apt-get upgrade -y
-
-echo '[+] Installing the environment pre-requisites'
-while read -r p ; do sudo apt-get install -y $p ; done < <(cat << "EOF"
- pipenv
- pandoc
- python3-pypandoc
- cairosvg
- python3-cairosvg
- libcairo2
- libcairo2-dev
- libpangocairo-1.0-0
- wget
-EOF
-)
-
-echo '[+] Installing Eisvogel'
-sleep 1
-
-python3 -m pip install pandoc-latex-environment
-
-if [ -d "eisvogel" ]; then
-echo "Directory already exists" ;
-else
-`mkdir -p eisvogel`;
-echo "eisvogel directory is created"
-fi
-
-cd eisvogel/
-wget https://github.com/Wandmalfarbe/pandoc-latex-template/releases/download/v2.0.0/Eisvogel-2.0.0.tar.gz
-tar xvfz Eisvogel-2.0.0.tar.gz
-mkdir -p /home/$SUDO_USER/.pandoc/templates
-cp eisvogel.latex /home/$SUDO_USER/.pandoc/templates/
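Review bot: deleting `scripts/ubuntu_environment_install.sh` removes the only place the native (non-Docker) dependency set was recorded (pipenv, pandoc, python3-pypandoc, cairosvg, libcairo2, libpangocairo-1.0-0, pandoc-latex-environment, Eisvogel 2.0.0); the updated docker/ page in this patch describes Docker-only deployment, so the removal is consistent, but please grep the README and docs for any remaining reference to this script path and make sure the Docker build pins the same Eisvogel release (v2.0.0) rather than an unpinned download. For the record, two defects in the removed script are worth not carrying over anywhere else: `exit 1 "sudo privileges?"` passes two arguments to `exit`, which bash reports as "too many arguments" instead of exiting with the intended message, and `` `mkdir -p eisvogel` `` needlessly runs the command inside a command substitution; a plain `mkdir -p eisvogel` is what was meant.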